General Counsel

What You’ll Do

Commercial and enterprise contracts

• Build Vapi's commercial playbook: MSAs, order forms, DPAs, BAAs, and partnership agreements that win enterprise deals while protecting the business.
• Partner directly with Sales and Solutions Engineering on high-stakes negotiations with Fortune 500 customers.
• Own procurement, vendor, and reseller agreements as we scale our partner ecosystem and underlying model and infrastructure vendors.
• Establish thresholds, fallback positions, and self-service contracting paths so the legal function scales sub-linearly with revenue.

AI and voice-specific regulatory compliance

• Own Vapi's position on the TCPA and the FCC's AI-voice rulings, including consent capture, calling windows, DNC handling, and disclosure obligations for both inbound and outbound use cases.
• Track and operationalize state AI laws and AI-voice statutes, including the Colorado AI Act, Texas SB 140, California Civil Code §3344, Illinois BIPA voiceprint provisions, and emerging proposals in NY, GA, PA, and others.
• Lead Vapi's response to the EU AI Act, including risk classification of voice agents, transparency obligations, and documentation requirements for high-risk uses.
• Develop voice-cloning and synthetic-voice policies, including acceptable-use rules for the platform, consent verification, watermarking and provenance, and law enforcement response.
• Serve as the company's primary point of contact with regulators, including the FCC, FTC, state AGs, and international counterparts.

Privacy and data protection

• Own Vapi's global privacy program, including GDPR, CCPA/CPRA, and emerging state regimes.
• Lead HIPAA compliance and BAA negotiation for our healthcare and insurance customers, in close partnership with Security and Engineering.
• Partner with Security on SOC 2, ISO 27001, and customer audits, and own the legal aspects of incident response and breach notification.
• Set data-handling, retention, and residency policies for voice recordings, transcripts, and derived data, in coordination with model providers and infrastructure vendors.

Corporate, financing, IP, and employment

• Run corporate matters end-to-end: board governance, equity administration, 409A, option grants, and cap-table hygiene.
• Lead financings, secondary transactions, and (eventually) M&A from the legal side, working closely with the CEO and CFO function.
• Build Vapi's IP strategy, including patent program, trademark portfolio, open-source policy, and trade-secret protection across our model orchestration and voice infrastructure stack.
• Own employment legal: offers, equity, separations, immigration, anti-discrimination training, and the legal aspects of our compensation philosophy as we scale.

Strategic and operating partner

• Sit on the leadership team. Help us decide which markets to enter, which customers to take, and which lines we won't cross.
• Brief the board and investors on legal and regulatory risk in clear, business-first language.
• Build the legal function: own outside counsel relationships, set the budget, hire your first reports as we grow, and instrument legal so we can measure cycle time and risk.
• Be a culture carrier. Act like a founder. Stay customer-obsessed. Respect the engineering-first DNA of the company.

Who You Are

• J.D. from a top law school and active bar membership (California preferred).
• 8+ years of relevant experience, including a strong foundation at a top-tier law firm and meaningful in-house time at a high-growth technology company. Prior experience as a GC, Head of Legal, or senior in-house lead is a strong plus.
• Deep commercial contracting chops with enterprise SaaS or infrastructure customers. You have negotiated large MSAs, DPAs, and BAAs across regulated industries.
• Working fluency in one or more of: TCPA / telecom regulation, AI regulation (Colorado AI Act, EU AI Act), biometric privacy (BIPA), HIPAA, or content/IP issues specific to generative AI.
• Comfort sitting next to engineers and PMs and reasoning about product behavior, not just paper. You can read an API spec, a system diagram, or a security architecture without flinching.
• A bias to action. You write the first draft, ship the policy, and iterate. You do not gatekeep through the process.
• Excellent judgment under uncertainty. Voice AI law is genuinely unsettled in places, and you are comfortable making calls and owning them.
• Clear, plainspoken communication with executives, customers, and regulators alike.

Bonus points

• Prior experience as the first or sole GC at a Series A–C company.
• Background at a comms, CPaaS, voice, or contact-center company (e.g., Twilio, Five9, Genesys, RingCentral) or at a foundation-model or AI-platform company.
• Hands-on experience with SOC 2 Type II, HITRUST, or ISO 27001 in a legal capacity.
• Direct experience navigating regulator inquiries, CIDs, or formal investigations.
• International experience, particularly with EU, UK, Canadian, or LATAM data-protection regimes.

What We Offer

• Competitive compensation: includes a strong base salary and meaningful equity ownership
• Comprehensive health coverage: medical, dental, and vision plans
• Flexible time off: take-what-you-need vacation policy with an emphasis on rest and balance
• Daily meals: catered lunches and dinners provided for in-office days
• Lifestyle & wellness stipends: monthly allowances to support rent, transportation, food, fitness, and mental well-being
• Professional development: annual learning stipends for courses, conferences, and upskilling
• Team connection: regular offsites, team events, and opportunities to build in-person relationships